Re: ld.so and LD_PRELOAD
On Fri, Jun 06, 2003 at 02:02:07PM -0400, Ben Collins wrote:
> I don't know too much about SE Linux, but what keeps someone who has
> root from dropping their own ld-linux.so.2 in there?
>
> I assume that SE Linux has some higherlevel traps than just root and
> not-root. What keeps them from doing:
>
> ./myld.so /bin/program-to-exploit
>
> though? Is /lib/ld-linux.so.2 given some filesystem based attributes
> that gives it higher capabilities than some copied ld.so?
IIRC this is not a problem.
/lib/ld-linux.so.2 won't have the same file label as
/bin/program-to-exploit (which causes the domain to change).
So execing /lib/ld-linux.so.2 won't cause the domain to change.
I am not sure how /lib/ld-linux.so.2 runs the program, but it doesn't
fork or exec, so the domain will remain the same.
--
Brian May <bam@debian.org>
Reply to: